#!/bin/sh

#端口映射
#/etc/sysctl.conf
#net.ipv4.ip_forward = 1
#sysctl -p
#或者 echo 1 > /proc/sys/net/ipv4/ip_forward

#iptables -t nat -A PREROUTING -d 119.28.136.121 -p tcp --dport 26199 -j DNAT --to-destination 10.66.195.156:3306
#iptables -t nat -A POSTROUTING -d 10.66.195.156 -p tcp --dport 3306 -j SNAT --to 119.28.136.121
#iptables -A FORWARD -o eth0 -d 10.66.195.156 -p tcp --dport 3306 -j ACCEPT
#iptables -A FORWARD -i eth0 -s 10.66.195.156 -p tcp --sport 3306 -j ACCEPT

service firewalld start

firewall-cmd --zone=public --add-masquerade
firewall-cmd --permanent --zone=public --add-forward-port=port=26199:proto=tcp:toport=3306:toaddr=10.66.195.156
firewall-cmd --permanent --zone=public --add-forward-port=port=26000-26200/tcp
firewall-cmd --zone=public --remove-masquerade